The Rise of Sophisticated Spear Phishing Using AI

Written by: Richard Eaton


Reports have surfaced regarding a sophisticated form of spear phishing, utilizing ChatGPT to create convincing support emails purportedly from reputable companies such as Microsoft. These emails aim to manipulate users into participating in a live Teams call with a supposed support technician. Alarming instances have emerged where genuine support personnel have had their Facebook accounts compromised for the purpose of gathering personal information and images. To further exploit victims, a paid version of DeepFaceLive enables the training of a 3D model resembling someone known to the target, allowing hackers to appear in real-time on a Teams chat while executing their malicious activities.

While currently considered a relatively uncommon attack, it is a real and audacious threat. It is crucial to exercise caution when engaging with such emails, ensuring to verify the domain of the received invite and the legitimacy of the individuals involved in the call. In case of any suspicions, it is imperative to exit the call immediately and confirm the situation through alternate means.

How the Attack Works

The success of this attack lies in its ability to deceive victims once they are engaged in the support call. The appearance of a live person on the other end of the screen creates a false sense of trust and comfort, making it easier for the perpetrators to manipulate and exploit unsuspecting individuals.

Notably, numerous large corporations have fallen victim to this scam, resulting in substantial monetary losses as funds are redirected to the attackers. The meticulously crafted emails are so convincing that they can easily be mistaken for genuine correspondence, particularly when accompanied by a seemingly legitimate MS Teams invite for support purposes. The level of sophistication in these attacks is cause for concern.

For those utilizing paid versions of ChatGPT, it is possible to request the generation of an example Microsoft support email alerting a user about suspicious activity on their account. Similarly, by posing additional questions to ChatGPT in a similar manner, one can obtain well-crafted examples of support emails from OpenAI. By making minor modifications to these examples, hackers can enhance their authenticity, making them more enticing and effective in luring unsuspecting individuals. It is worth noting that as ChatGPT continues to train on specific queries and requests, it may evolve in its ability to generate increasingly convincing and alarming content.

One aspect of the attack involves the inclusion of payload code in the MS Teams URL invite. This is achieved by appending the GitHub directory to the end of the URL using a discreet and silent trigger, ensuring that users are not alerted to any suspicious activity. When users click on the link, they unwittingly join the meeting while the payload is simultaneously deployed.

Training a 3D model into programs like DeepFaceLive requires a substantial amount of imagery. However, it is important to acknowledge that hackers are unlikely to invest extensive efforts into such projects unless the potential payouts are significant.

While an iOS version of ChatGPT is available for download, there is currently no Windows version. Consequently, individuals who download ChatGPT executables on Windows systems may encounter unexpected surprises. It is crucial to educate clients about the risks involved and, if necessary, engage in discussions regarding the use of ChatGPT and OpenAI technology.


This article highlights the emergence of a sophisticated spear phishing attack that leverages ChatGPT and DeepFaceLive to create convincing support engagements impersonating reputable companies like Microsoft. The attackers’ ability to manipulate users into engaging in live Teams calls, combined with compromising genuine support personnel’s social media accounts, makes this a real and audacious threat.

To protect against such attacks, users must exercise caution, verify the domain of received invites, and confirm the legitimacy of individuals in the call. If any suspicions arise, promptly exit the call and verify the situation through alternate means. For organizations seeking comprehensive staff training and analysis to bolster their cybersecurity defenses, contact us for a consultation. By staying vigilant and informed, we can collectively mitigate the risks posed by these increasingly sophisticated cyber threats.

Get in touch with us

Secutor Cybersecurity is a trusted partner comprised of industry leading experts in the fields of Cybersecurity and Governance, Risk and Compliance. We partner with our clients to deliver on-demand solutions tailored to expertly navigate the regulatory demands of their specific industries.

Our proven track record of successfully exceeding client expectations is achieved through the combination of our methodical approach, advanced technologies, subject matter experts, and synergy with client team members.

Secutor is your team of world-class problem solvers with vast expertise and experience delivering complete solutions keeping your organization protected, audit-ready, and running smoothly.

Scroll to Top

Secutor Insider Direct

Discover a new era in cybersecurity purchasing. No markups, no hidden fees. Just the right tools at the right price, tailored to your needs, with expert advice from our seasoned cybersecurity professionals.

Ready to Find Your Solution?

Use the form to schedule a consultation, and we’ll reach out within 48 hours to confirm the appointment.

Considering this delay, please only select meeting dates 48 hours or more in advance. Your information will only be used to facilitate a meeting.